CVE-2024-45774 MEDIUM

CVE-2024-45774: Grub2: reader/jpeg: heap oob write during jpeg parsing

Vendor Red Hat

Product Red Hat Enterprise Linux 10

Weakness CWE-787

Published February 18, 2025

Last update January 29, 2026

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.

Key dates

02Disclosure timeline

February 18, 2025 CVE published

January 29, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-45774 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2024-45774

CWE CWE-787

CVSS 6.7 / MEDIUM

Affected versions

Vendor Red Hat

Product Red Hat Enterprise Linux 10

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 7

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 8

Affected All versions

Vendor Red Hat

Product Red Hat OpenShift Container Platform 4

Affected All versions

CVE-2024-45774: Grub2: reader/jpeg: heap oob write during jpeg parsing

01Description

02Disclosure timeline

03References

04Related CVE